5618 matches found
PT-2021-6824 · Xen +1 · Xen +1
Name of the Vulnerable Software and Affected Versions: Xen (affected versions not specified). Description: The issue is related to the dom0less feature of the Xen hypervisor, which allows administrators to create multiple unprivileged domains directly from Xen. Unfortunately, the memory limit for...
PT-2021-6610 · Xen +1 · Xen +1
Name of the Vulnerable Software and Affected Versions: Xen (affected versions not specified). Description: The issue is related to long running loops in grant table handling. Xen maintains information on grant mappings a domain may create to map grants offered by other domains. When carrying out...
PT-2021-6805 · Xen +1 · Xen +1
Name of the Vulnerable Software and Affected Versions: Xen (affected versions not specified). Description: The issue is related to improper authorization in the Xen hypervisor. Exploitation of this issue allows an attacker to access sensitive data, compromise its integrity, and cause a denial of...
PT-2021-6609 · Xen +1 · Xen +1
Name of the Vulnerable Software and Affected Versions: Xen (affected versions not specified). Description: The issue is related to inadequate access control in the Xen hypervisor. Exploitation of this issue allows an attacker to access confidential data, compromise its integrity, and cause a denial ...
CVE-2021-28696
IOMMU page mapping issues on x86. This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically means these addresse...
CVE-2021-28694
IOMMU page mapping issues on x86. This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically means these addresse...
CVE-2021-28698
Long running loops in grant table handling. In order to properly monitor resource use, Xen maintains information on the grant mappings a domain may create to map grants offered by other domains. In the process of carrying out certain actions, Xen would iterate over all such entries, including ones...
CVE-2021-28697
Grant table v2 status pages may remain accessible after de-allocation. Guests get permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, get de-allocated when a guest...
Security update for spectre-meltdown-checker (moderate)
openSUSE Security Update: Security update for spectre-meltdown-checker Announcement ID: openSUSE-SU-2021:2861-1 Rating: moderate References: 1189477 Cross-References: CVE-2017-5753 CVSS scores: CVE-2017-5753 NVD : 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2017-5753 SUSE: 7.1...
Hotfix XS82E031 - For Citrix Hypervisor 8.2
Who Should Install This Hotfix? This is a hotfix for customers running Citrix Hypervisor 8.2. Information About this Hotfix:

Component | Details
---|---
Prerequisite | None
Post-update tasks | Restart the XAPI Toolstack
Content live patchable | No
Baselines for Live Patch | N/A
Revision History | ...
(Pwn2Own) Parallels Desktop WinAppHelper Improper Access Control Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the...
Xen Race Condition Vulnerability
Xen is an open source virtual machine monitor product from the University of Cambridge, UK. The product enables different and incompatible operating systems to run on the same computer and supports runtime migration to ensure uptime and avoid downtime. Xen has a security vulnerability that can be...
Citrix Provisioning Services - Target Device(s) Hang After 96 Hours With No PVS License
After a license server upgrade to support PVS 1912 LTSR from 7.15 LTSR Target Devices may immediately report entering "grace period". After 96 hours of uptime the Target Device may appear to freeze. Target Device hangs or freezes are typically first found in the Studio console by a CVAD...
PT-2021-6468 · Xen +1 · Xen +1
Name of the Vulnerable Software and Affected Versions: Xen (affected versions not specified). Description: The issue is related to weaknesses in the authentication procedure of the Xen hypervisor. Exploitation of this issue allows an attacker to access confidential data, compromise its integrity, an...
virt-who bug fix and enhancement update
An update is available for virt-who. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The virt-who service collects information about the connection between the...
AMD Secure Encryption Virtualization (SEV) Information Disclosure
Bulletin ID: AMD-SB-1013. Potential Impact: Information Disclosure. Severity: Medium. Summary: AMD received notification of a potential security vulnerability from a team of researchers led by Professor Yinqian Zhang from Southern University of Science and Technology (SUSTech). A paper titled...
CVE-2021-29765
IBM PowerVM Hypervisor FW940 and FW950 could allow an attacker to obtain sensitive information if they gain service access to the FSP. IBM X-Force ID: 202476...
Design/Logic Flaw
IBM PowerVM Hypervisor FW940 and FW950 could allow an attacker to obtain sensitive information if they gain service access to the FSP. IBM X-Force ID: 202476...
CVE-2021-29765
CVE-2021-29765 affects IBM PowerVM Hypervisor FW940 and FW950. If an attacker gains service access to the FSP, they can decrypt data in the Platform KeyStore, enabling disclosure of sensitive information. Remediation: apply FW940.30 (VL940_071) or FW950.10 (VL950_072) or above on listed Power Sys...